The well-known free service VirusTotal, which analyzes suspicious files and links to detect viruses, Trojans and other malicious programs, has released its first report on ransomware. According to the SecurityLab.ru resource, during 2020 and the first half of 2021, at least 130 different ransomware families were active.
VirusTotal analyzed over 80 million ransomware samples that were uploaded to the site during the specified period. Most of the malicious samples came from Israel, South Korea, Vietnam, China, Singapore, India, Kazakhstan, the Philippines, Iran, and the United Kingdom. However, as the service's specialists explain, this does not mean that ransomware is most common in these countries, or that they are its sources. The large number of files submitted to VirusTotal for checking may be due to the fact that many companies in these countries are automating this process.
According to VirusTotal, the most active ransomware family is GandCrab (78.5% of samples). It is followed by Babuk (7.61%), Cerber (3.11%), Matsnu (2.63%), WannaCry (2.41%), Congur (1.52%), Locky (1.29%), TeslaCrypt (1.12%), Rkor (1.11%) and Reveton (0.70%).
As for operating systems, the largest number of detected samples target Windows devices (95% are executable files or DLLs). Android ransomware accounts for only 2.09%. Owners of Apple devices are not in danger, although the EvilQuest malware, which attacks Macs, was discovered in the middle of last year.
About 5% of the analyzed samples are associated with exploits, and the most active ransomware families additionally download and activate various malicious programs.